diff options
| author | Benjamin Kramer <benny.kra@googlemail.com> | 2013-03-29 21:43:21 +0000 |
|---|---|---|
| committer | Benjamin Kramer <benny.kra@googlemail.com> | 2013-03-29 21:43:21 +0000 |
| commit | 054faa5a4883c1a216f1edce62eb464913b33213 (patch) | |
| tree | 1f6044cc592d8f633ce43d625535ed65e1bcd508 /clang/lib/Sema/SemaExpr.cpp | |
| parent | cf1dc8d39e2c9870468ca86f7956a65c7745fece (diff) | |
| download | bcm5719-llvm-054faa5a4883c1a216f1edce62eb464913b33213.tar.gz bcm5719-llvm-054faa5a4883c1a216f1edce62eb464913b33213.zip | |
Sema: Warn on sizeof on binary ops on decayed arrays.
The array will decay into a pointer, creating an unexpected result.
sizeof(array + int) is an easy to make typo for sizeof(array) + int.
This was motivated by a NetBSD security bug, used sizeof(key - r) instead of
sizeof(key) - r, reducing entropy in a random number generator.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/subr_cprng.c.diff?r1=1.14&r2=1.15&only_with_tag=MAIN&f=h
Differential Revision: http://llvm-reviews.chandlerc.com/D571
llvm-svn: 178371
Diffstat (limited to 'clang/lib/Sema/SemaExpr.cpp')
| -rw-r--r-- | clang/lib/Sema/SemaExpr.cpp | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp index c6882908c24..62bfa3c709d 100644 --- a/clang/lib/Sema/SemaExpr.cpp +++ b/clang/lib/Sema/SemaExpr.cpp @@ -3089,6 +3089,24 @@ static bool CheckObjCTraitOperandConstraints(Sema &S, QualType T, return false; } +/// \brief Check whether E is a pointer from a decayed array type (the decayed +/// pointer type is equal to T) and emit a warning if it is. +static void warnOnSizeofOnArrayDecay(Sema &S, SourceLocation Loc, QualType T, + Expr *E) { + // Don't warn if the operation changed the type. + if (T != E->getType()) + return; + + // Now look for array decays. + ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(E); + if (!ICE || ICE->getCastKind() != CK_ArrayToPointerDecay) + return; + + S.Diag(Loc, diag::warn_sizeof_array_decay) << ICE->getSourceRange() + << ICE->getType() + << ICE->getSubExpr()->getType(); +} + /// \brief Check the constrains on expression operands to unary type expression /// and type traits. /// @@ -3142,6 +3160,16 @@ bool Sema::CheckUnaryExprOrTypeTraitOperand(Expr *E, } } } + + // Warn on "sizeof(array op x)" and "sizeof(x op array)", where the array + // decays into a pointer and returns an unintended result. This is most + // likely a typo for "sizeof(array) op x". + if (BinaryOperator *BO = dyn_cast<BinaryOperator>(E->IgnoreParens())) { + warnOnSizeofOnArrayDecay(*this, BO->getOperatorLoc(), BO->getType(), + BO->getLHS()); + warnOnSizeofOnArrayDecay(*this, BO->getOperatorLoc(), BO->getType(), + BO->getRHS()); + } } return false; |
